QUESTION 241Refer to the exhibit. A network technician enters the following line into the router.Tidmore1(config)# access-list 106 deny tcp 192.168.254.0 0.0.0.255 any eq wwwWhat is the effect of this configuration?

A. The change has no effect on the packets being filtered.B. All traffic from the 192.168.254.0 LAN to the Internet is permitted.C. Web pages from the Internet cannot be accessed by hosts in the 192.168.254.0 LAN.D. No hosts in the 192.168.254.0 LAN except 192.168.254.7 can access web pages from the Internet.

Answer: A

QUESTION 242Refer to the exhibit. What statement is true of the configuration for this network?

A. The configuration that is shown provides inadequate outside address space for translation of the number of inside addresses that are supported.B. Because of the addressing on interface FastEthernet0/1, the Serial0/0 interface address will not support the NAT configuration as shown.C. The number 1 referred to in the ip nat inside source command references access-list number 1.D. ExternalRouter must be configured with static routes to networks 172.16.1.0/24 and 172.16.2.0/24.

Answer: C

QUESTION 243Refer to the exhibit. Statements A, B, C, and D of ACL 10 have been entered in the shown order and applied to interface E0 inbound, to prevent all hosts (except those whose addresses are the first and last IP of subnet 172.21.1.128/28) from accessing the network. But as is, the ACL does not restrict anyone from the network. How can the ACL statements be re-arranged so that the system works as intended?A. ACDBB. BADCC. DBACD. CDBA

Answer: D

QUESTION 244A network administrator is configuring ACLs on a Cisco router, to allow traffic from hosts on networks 192.168.146.0, 192.168.147.0, 192.168.148.0, and 192.168.149.0 only. Which two ACL statements, when combined, are the best for accomplishing this task? (Choose two.)

A. filtering packets that are passing through a routerB. to change the default administrative distance of a route in the route tableC. protecting a server from unauthorized accessD. controlling path selection, based on the route metric

Answer: A

QUESTION 246Which IPsec security protocol should be used when confidentiality is required?

A. MD5B. PSKC. AHD. ESP

Answer: D

QUESTION 247A network administrator needs to configure port security on a switch. Which two statements are true? (Choose two.)

A. The network administrator can apply port security to dynamic access ports.B. The network administrator can apply port security to EtherChannels.C. When dynamic MAC address learning is enabled on an interface, the switch can learn new addresses, up to the maximum defined.D. The sticky learning feature allows the addition of dynamically learned addresses to the running configuration.E. The network administrator can configure static secure or sticky secure MAC addresses in the voice VLAN.

Answer: CDExplanation:Follow these guidelines when configuring port security:Port security can only be configured on static access ports, trunk ports, or 802.1Q tunnel ports.A secure port cannot be a dynamic access port.A secure port cannot be a destination port for Switched Port Analyzer (SPAN).A secure port cannot belong to a Fast EtherChannel or Gigabit EtherChannel port group. You cannot configure static secure or sticky secure MAC addresses on a voice VLAN. When you enable port security on an interface that is also configured with a voice VLAN, you must set the maximum allowed secure addresses on the port to at least two.If any type of port security is enabled on the access VLAN, dynamic port security is automatically enabled on the voice VLAN.When a voice VLAN is configured on a secure port that is also configured as a sticky secure port, all addresses seen on the voice VLAN are learned as dynamic secure addresses, and all addresses seen on the access VLAN (to which the port belongs) are learned as sticky secure addresses.The switch does not support port security aging of sticky secure MAC addresses.The protect and restrict options cannot be simultaneously enabled on an interface.

QUESTION 248What are two characteristics of a switch that is configured as a VTP client? (Choose two.)

A. If a switch that is configured to operate in client mode cannot access a VTP server, then the switch reverts to transparent mode.B. On switches that are configured to operate in client mode, VLANs can be created, deleted, or renamed locally.C. The local VLAN configuration is updated only when an update that has a higher configuration revision number is received.D. VTP advertisements are not forwarded to neighboring switches that are configured in VTP transparent mode.E. VTP client is the default VTP mode.F. When switches in VTP client mode are rebooted, they send a VTP advertisement request to the VTP servers.

Answer: CFExplanation:VLAN Trunking Protocol (VTP)http://archive.networknewz.com/2004/0317.htmlVTP ModesServer Mode Once VTP is configured on a Cisco switch, the default mode used is Server Mode. In any given VTP management domain, at least one switch must be in Server Mode. When in Server Mode, a switch can be used to add, delete, and modify VLANs, and this information will be passed to all other switches in the VTP management domain. Client Mode When a switch is configured to use VTP Client Mode, it is simply the recipient of any VLANs added, deleted, or modified by a switch in Server Mode within the same management domain. A switch in VTP client mode cannot make any changes to VLAN information.Transparent Mode A switch in VTP Transparent Mode will pass VTP updates received by switches in Server Mode to other switches in the VTP management domain, but will not actually process the contents of these messages. When individual VLANs are added, deleted, or modified on a switch running in transparent mode, the changes are local to that particular switch only, and are not passed to other switches in the VTP management domain.